package zpx.web.auth;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import zpx.model.User;

public class AuthInterceptor extends HandlerInterceptorAdapter {
    
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if(handler.getClass().isAssignableFrom(HandlerMethod.class)){
            AuthPassport authPassport = ((HandlerMethod) handler).getMethodAnnotation(AuthPassport.class);
            //没有声明需要权限,或者声明不验证权限
            //    if(authPassport == null || authPassport.validate() == false)
            //    return true;
            //else{ 
            	HttpServletRequest hsq = (HttpServletRequest)request;
        		User u = (User)hsq.getSession().getAttribute("loginUser"); 
        		String uri = hsq.getRequestURI();
        		if(u==null&&uri.indexOf("login") == -1&&uri.indexOf(".css") == -1&&uri.indexOf(".JPG")==-1&&uri.indexOf(".gif")==-1
        				&&uri.indexOf(".jpg") == -1&&uri.indexOf(".png")==-1&&uri.indexOf("checkCode") == -1) {
        			((HttpServletResponse)response).sendRedirect(hsq.getContextPath()+"/login");
        			return false;
        		}else {
        			return true;
				}
                
            //}
        }
        else 
            return true; 
     }
    	
}